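<!DOCTYPE html>
<!-- The visible text on this page is Simplified Chinese, so the document
     language is declared as such rather than "en". -->
<html lang="zh-Hans">
<head>
    <!-- Declared first so the browser decodes the page as UTF-8; the server-side
         escaping further down the page must use the same encoding. -->
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>xss漏洞防御</title>
</head>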
<body>
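    <!-- Two forms that submit the same fields back to this page, once via POST
         and once via GET. The empty action attribute was dropped: an omitted
         action also submits to the current URL, and action="" is not valid HTML.
         Nothing in these forms constrains the submitted values; the escaping on
         the server side is the actual defence. -->
    <div>post方法</div>
    <form method="post">
        <!-- Real labels instead of placeholder-only fields, so the inputs keep
             an accessible name once the user starts typing. -->
        <label for="post-username">姓名</label>
        <input type="text" id="post-username" name="username" placeholder="姓名">
        <label for="post-age">年龄</label>
        <input type="text" id="post-age" name="age" placeholder="年龄">
        <button type="submit">提交</button>
    </form>

    <!-- With GET the values travel in the query string, so they also end up in
         browser history, server logs and Referer headers. -->
    <div>get方法</div>
    <form method="get">
        <label for="get-username">姓名</label>
        <input type="text" id="get-username" name="username" placeholder="姓名">
        <label for="get-age">年龄</label>
        <input type="text" id="get-age" name="age" placeholder="年龄">
        <button type="submit">提交</button>
    </form>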


    <div id="show">
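    <?php
        // XSS-defence demo: the submitted username and age are echoed back into
        // the page only after being HTML-escaped.

        $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';

        // Start from empty values so a request method other than GET/POST
        // (HEAD, PUT, ...) does not leave the variables undefined below.
        $username = '';
        $age = '';

        // Pick the parameter source that matches the request method.
        if ($method == 'POST') {
            $params = $_POST;
        } elseif ($method == 'GET') {
            $params = $_GET;
        } else {
            $params = array();
        }

        // Accept plain strings only: a request such as "username[]=x" makes PHP
        // build an array, which htmlspecialchars() cannot process.
        if (isset($params['username']) && is_string($params['username'])) {
            $username = $params['username'];
        }
        if (isset($params['age']) && is_string($params['age'])) {
            $age = $params['age'];
        }

        // The method name also originates from the request, so it is escaped
        // before output like every other client-supplied value.
        echo "当前方法：" . htmlspecialchars($method, ENT_QUOTES, 'UTF-8') . PHP_EOL;
        echo "<br/>";

        // Compare against '' instead of using empty(): empty("0") is true, so
        // an age or name of "0" was previously rejected as missing.
        if ($username !== '' && $age !== '') {
            // Escape at the point of output. ENT_QUOTES also encodes single
            // quotes, and the explicit charset matches the page's
            // <meta charset="UTF-8">. This encoding is correct for HTML text and
            // quoted attribute values; values placed inside <script>, URLs or CSS
            // need a context-specific encoder instead.
            $username = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
            $age = htmlspecialchars($age, ENT_QUOTES, 'UTF-8');
            // NOTE(review): age is treated as free text here; validating it as an
            // integer (allow-list) before use would be stricter.
            echo "<div>hello,{$username}!</div>";
            // "{$age}" replaces the "${age}" form, which PHP 8.2 deprecates.
            echo "<div>你已经{$age}岁了!</div>";
        } else {
            echo "请输入姓名和年龄";
        }
    ?>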
    </div>
    
</body>
</html>